[Snort-devel] Removal of flags A+ in favor of established
cmg at ...402...
Mon May 20 12:16:13 EDT 2002
"Kreimendahl, Chad J" <Chad.Kreimendahl at ...1167...> writes:
> The only problem with the new 146 is that I get MASSIVE amounts of alerts
> from http_decode. I can't seem to find the documentation on how to get it
> to shut the f*ck up.
We're still working on it. This is the first complaint I've heard
about it. I'll go ahead and add the "disable internal alerts" flag
> I've taken out all the little flags (just doing unicode), and it
> still barks about giant HTTP request and the like. Fortunately the
> asynchronous_link for stream4 fixed the excess information we were
> getting from it.
Do you have an asynchronous_link?
Chris Green <cmg at ...402...>
I've had a perfectly wonderful evening. But this wasn't it.
-- Groucho Marx
More information about the Snort-devel